To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 541
- compare with another revision
- download diff
- download tarball
- view history from revision 541
- Committer: Teddy Hogeborn
- Date: 2011-12-31 20:07:11 UTC
- mfrom: (535.1.9 wireless-network-hook)
- Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.
- files removed:
- bugs.xml
- debian/upstream
- plugin-helpers
- files modified:
- .bzrignore
added
removed
Makefile
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
-Wswitch-default -Wswitch-enum -Wunused-parameter \
3
-Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
-Wunsafe-loop-optimizations -Wpointer-arith \
7
5
-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
-Wconversion -Wlogical-op -Waggregate-return \
9
-Wstrict-prototypes -Wold-style-definition \
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
-Wvolatile-register-var -Woverlength-strings
13
#DEBUG=-ggdb3 -fsanitize=address
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
6
-Wconversion -Wstrict-prototypes -Wold-style-definition \
7
-Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
# -Wunreachable-code
9
#DEBUG=-ggdb3
10
# For info about _FORTIFY_SOURCE, see
11
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
12
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
13
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
18
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
19
-fsanitize=shift -fsanitize=integer-divide-by-zero \
20
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
21
-fsanitize=return -fsanitize=signed-integer-overflow \
22
-fsanitize=bounds -fsanitize=alignment \
23
-fsanitize=object-size -fsanitize=float-divide-by-zero \
24
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
25
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
26
-fsanitize=enum
27
# Check which sanitizing options can be used
28
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
29
echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
30
-o /dev/null >/dev/null 2>&1 && echo $(option)))
31
14
LINK_FORTIFY_LD=-z relro -z now
32
15
LINK_FORTIFY=
33
16
37
20
LINK_FORTIFY += -pie
38
21
endif
39
22
#COVERAGE=--coverage
40
OPTIMIZE=-Os -fno-strict-aliasing
41
LANGUAGE=-std=gnu11
23
OPTIMIZE=-Os
24
LANGUAGE=-std=gnu99
42
25
htmldir=man
43
version=1.7.13
26
version=1.4.1
44
27
SED=sed
45
28
46
29
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
47
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
30
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
48
31
49
32
## Use these settings for a traditional /usr/local install
50
33
# PREFIX=$(DESTDIR)/usr/local
53
36
# MANDIR=$(PREFIX)/man
54
37
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
55
38
# STATEDIR=$(DESTDIR)/var/lib/mandos
56
# LIBDIR=$(PREFIX)/lib
57
39
##
58
40
59
41
## These settings are for a package-type install
63
45
MANDIR=$(PREFIX)/share/man
64
46
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
65
47
STATEDIR=$(DESTDIR)/var/lib/mandos
66
LIBDIR=$(shell \
67
for d in \
68
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
69
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
70
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
71
echo "$(DESTDIR)$$d"; \
72
break; \
73
fi; \
74
done)
75
48
##
76
49
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
78
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
79
80
50
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
81
51
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
82
52
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
84
54
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
85
55
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
86
56
getconf LFS_LDFLAGS)
87
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
88
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
89
57
90
58
# Do not change these two
91
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
92
$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
93
$(GPGME_CFLAGS) -DVERSION='"$(version)"'
94
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
59
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
60
$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
61
-DVERSION='"$(version)"'
62
LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
95
63
96
64
# Commands to format a DocBook <refentry> document into a manual page
97
65
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
100
68
--param make.single.year.ranges 1 \
101
69
--param man.output.quietly 1 \
102
70
--param man.authors.section.enabled 0 \
103
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
71
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
104
72
$(notdir $<); \
105
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
106
&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
107
man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
108
fi >/dev/null)
73
$(MANPOST) $(notdir $@);\
74
LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \
75
--local-file $(notdir $@) >/dev/null)
76
# DocBook-to-man post-processing to fix a '\n' escape bug
77
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
109
78
110
79
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
111
80
--param make.year.ranges 1 \
123
92
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
124
93
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
125
94
plugins.d/plymouth
126
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
127
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
95
CPROGS=plugin-runner $(PLUGINS)
128
96
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
129
97
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
130
98
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
257
225
$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
258
226
) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
259
227
260
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
261
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
262
) $(LOADLIBES) $(LDLIBS) -o $@
263
264
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
265
check run-client run-server install install-html \
266
install-server install-client-nokey install-client uninstall \
267
uninstall-server uninstall-client purge purge-server \
268
purge-client
228
.PHONY : all doc html clean distclean run-client run-server install \
229
install-server install-client uninstall uninstall-server \
230
uninstall-client purge purge-server purge-client
269
231
270
232
clean:
271
233
-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
277
239
278
240
check: all
279
241
./mandos --check
280
./mandos-ctl --check
281
242
282
243
# Run the client with a local config and key
283
244
run-client: all keydir/seckey.txt keydir/pubkey.txt
284
245
@echo "###################################################################"
285
246
@echo "# The following error messages are harmless and can be safely #"
286
@echo "# ignored: #"
287
@echo "# From plugin-runner: setgid: Operation not permitted #"
288
@echo "# setuid: Operation not permitted #"
247
@echo "# ignored. The messages are caused by not running as root, but #"
248
@echo "# you should NOT run \"make run-client\" as root unless you also #"
249
@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
250
@echo "# From plugin-runner: setuid: Operation not permitted #"
289
251
@echo "# From askpass-fifo: mkfifo: Permission denied #"
290
@echo "# From mandos-client: #"
291
@echo "# Failed to raise privileges: Operation not permitted #"
292
@echo "# Warning: network hook \"*\" exited with status * #"
293
@echo "# #"
294
@echo "# (The messages are caused by not running as root, but you should #"
295
@echo "# NOT run \"make run-client\" as root unless you also unpacked and #"
296
@echo "# compiled Mandos as root, which is also NOT recommended.) #"
252
@echo "# From mandos-client: setuid: Operation not permitted #"
253
@echo "# seteuid: Operation not permitted #"
254
@echo "# klogctl: Operation not permitted #"
297
255
@echo "###################################################################"
298
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
299
256
./plugin-runner --plugin-dir=plugins.d \
300
--plugin-helper-dir=plugin-helpers \
301
257
--config-file=plugin-runner.conf \
302
258
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
303
--env-for=mandos-client:GNOME_KEYRING_CONTROL= \
304
259
$(CLIENTARGS)
305
260
306
261
# Used by run-client
309
264
./mandos-keygen --dir keydir --force
310
265
311
266
# Run the server with a local config
312
run-server: confdir/mandos.conf confdir/clients.conf statedir
267
run-server: confdir/mandos.conf confdir/clients.conf
313
268
./mandos --debug --no-dbus --configdir=confdir \
314
269
--statedir=statedir $(SERVERARGS)
315
270
321
276
install --directory confdir
322
277
install --mode=u=rw $< $@
323
278
# Add a client password
324
./mandos-keygen --dir keydir --password --no-ssh >> $@
279
./mandos-keygen --dir keydir --password >> $@
325
280
statedir:
326
281
install --directory statedir
327
282
334
289
335
290
install-server: doc
336
291
install --directory $(CONFDIR)
337
if install --directory --mode=u=rwx --owner=$(USER) \
338
--group=$(GROUP) $(STATEDIR); then \
339
:; \
340
elif install --directory --mode=u=rwx $(STATEDIR); then \
341
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
342
fi
343
if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
344
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
345
$(TMPFILES)/mandos.conf; \
346
fi
292
install --directory --mode=u=rwx --owner=$(USER) \
293
--group=$(GROUP) $(STATEDIR)
347
294
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
348
295
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
349
296
mandos-ctl
357
304
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
358
305
install --mode=u=rwx,go=rx init.d-mandos \
359
306
$(DESTDIR)/etc/init.d/mandos
360
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
361
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
362
fi
363
307
install --mode=u=rw,go=r default-mandos \
364
308
$(DESTDIR)/etc/default/mandos
365
309
if [ -z $(DESTDIR) ]; then \
375
319
> $(MANDIR)/man5/mandos.conf.5.gz
376
320
gzip --best --to-stdout mandos-clients.conf.5 \
377
321
> $(MANDIR)/man5/mandos-clients.conf.5.gz
378
gzip --best --to-stdout intro.8mandos \
379
> $(MANDIR)/man8/intro.8mandos.gz
380
322
381
323
install-client-nokey: all doc
382
install --directory $(LIBDIR)/mandos $(CONFDIR)
324
install --directory $(PREFIX)/lib/mandos $(CONFDIR)
383
325
install --directory --mode=u=rwx $(KEYDIR) \
384
$(LIBDIR)/mandos/plugins.d \
385
$(LIBDIR)/mandos/plugin-helpers
386
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
326
$(PREFIX)/lib/mandos/plugins.d
327
if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
387
328
install --mode=u=rwx \
388
--directory "$(CONFDIR)/plugins.d" \
389
"$(CONFDIR)/plugin-helpers"; \
329
--directory "$(CONFDIR)/plugins.d"; \
390
330
fi
391
331
install --mode=u=rwx,go=rx --directory \
392
332
"$(CONFDIR)/network-hooks.d"
393
333
install --mode=u=rwx,go=rx \
394
--target-directory=$(LIBDIR)/mandos plugin-runner
334
--target-directory=$(PREFIX)/lib/mandos plugin-runner
395
335
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
396
336
mandos-keygen
397
337
install --mode=u=rwx,go=rx \
398
--target-directory=$(LIBDIR)/mandos/plugins.d \
338
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
399
339
plugins.d/password-prompt
400
340
install --mode=u=rwxs,go=rx \
401
--target-directory=$(LIBDIR)/mandos/plugins.d \
341
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
402
342
plugins.d/mandos-client
403
343
install --mode=u=rwxs,go=rx \
404
--target-directory=$(LIBDIR)/mandos/plugins.d \
344
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
405
345
plugins.d/usplash
406
346
install --mode=u=rwxs,go=rx \
407
--target-directory=$(LIBDIR)/mandos/plugins.d \
347
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
408
348
plugins.d/splashy
409
349
install --mode=u=rwxs,go=rx \
410
--target-directory=$(LIBDIR)/mandos/plugins.d \
350
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
411
351
plugins.d/askpass-fifo
412
352
install --mode=u=rwxs,go=rx \
413
--target-directory=$(LIBDIR)/mandos/plugins.d \
353
--target-directory=$(PREFIX)/lib/mandos/plugins.d \
414
354
plugins.d/plymouth
415
install --mode=u=rwx,go=rx \
416
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
417
plugin-helpers/mandos-client-iprouteadddel
418
355
install initramfs-tools-hook \
419
356
$(INITRAMFSTOOLS)/hooks/mandos
420
357
install --mode=u=rw,go=r initramfs-tools-hook-conf \
465
402
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
466
403
$(DESTDIR)/etc/crypttab
467
404
-rm --force $(PREFIX)/sbin/mandos-keygen \
468
$(LIBDIR)/mandos/plugin-runner \
469
$(LIBDIR)/mandos/plugins.d/password-prompt \
470
$(LIBDIR)/mandos/plugins.d/mandos-client \
471
$(LIBDIR)/mandos/plugins.d/usplash \
472
$(LIBDIR)/mandos/plugins.d/splashy \
473
$(LIBDIR)/mandos/plugins.d/askpass-fifo \
474
$(LIBDIR)/mandos/plugins.d/plymouth \
405
$(PREFIX)/lib/mandos/plugin-runner \
406
$(PREFIX)/lib/mandos/plugins.d/password-prompt \
407
$(PREFIX)/lib/mandos/plugins.d/mandos-client \
408
$(PREFIX)/lib/mandos/plugins.d/usplash \
409
$(PREFIX)/lib/mandos/plugins.d/splashy \
410
$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
411
$(PREFIX)/lib/mandos/plugins.d/plymouth \
475
412
$(INITRAMFSTOOLS)/hooks/mandos \
476
413
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
477
414
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
483
420
$(MANDIR)/man8/splashy.8mandos.gz \
484
421
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
485
422
$(MANDIR)/man8/plymouth.8mandos.gz \
486
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
487
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
423
-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
424
$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
488
425
update-initramfs -k all -u
489
426
490
427
purge: purge-server purge-client
494
431
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
495
432
$(DESTDIR)/etc/default/mandos \
496
433
$(DESTDIR)/etc/init.d/mandos \
497
$(SYSTEMD)/mandos.service \
498
$(DESTDIR)/run/mandos.pid \
499
434
$(DESTDIR)/var/run/mandos.pid
500
435
-rmdir $(CONFDIR)
501
436
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0